Resources

HOST website
DHS S&T website
GTRI Cyber Lab
Fall 2013 HOST Investment Awardees

The following four projects have been selected for funding from our 2013 call which closed on August 14th, 2013.

Open Source Application Framework for Web Applications with Strong Authentication for Administration will be a public reference implementation and working demonstration system of a web application framework that provides strong authentication for application administration. Originally intended for government IT organizations that lack typical (and expensive) strong authentication infrastructure such as public key infrastructure (PKI) or two-factor authentication tokens and an enterprise authentication service, the framework can be adapted to numerous uses.

Organization: Open Source Digital Voting Foundation
Domain: Authentication

OWASP AppSensor is an existing open source project that defines a conceptual framework, methodology, guidance and example code to implement attack detection and automated response within an application. It is not a bolt-on tool or code library, but instead offers insight to an approach for organizations to specify or develop their own implementations specific to their own business, applications, environments and risk profile. Web applications are one of the primary target uses of AppSensor.

Organization: OWASP Foundation
Domain: Intrusion Detection and Prevention

OpenDNP3 Security Additions intends to continue strengthening DNP3 (IEEE-1815), a standards-based SCADA/ICS protocol deployed pervasively in the United States, Australia, and the United Kingdom. It is officially recognized by NIST as a critical “smart grid standard”. It is used to efficiently communicate measurement and control data in industries like power, water, oil, and gas. The only reference implementation of the protocol is openDNP3.

Organization: Automatak, LLC
Domain: Industrial Control Systems

Situational Awareness Reference Architecture (SARA) Pilot Phase 1 intends to compile open source tools and methodologies which can be applied to the purpose of establishing situational awareness at industrial facilities and connecting these facilities with appropriate knowledge centers to create municipal, regional, national and international situational awareness of the cybersecurity state of cross-sector infrastructures.

Organization: ICS-ISAC
Domain: Security Analytics

Next Round

Timelines for a Spring 2014 HOST Investment Call for Applications will be posted here in December 2013.

Selection Procedure
  • Due diligence review of proposal
  • Interview with proposal host
  • Peer assessment by a community of experts from industry, academia, and government
  • Selection and notification
Program Overview
The Homeland Open Security Technology (HOST) program is funded by the Department of Homeland Security's Science and Technology Directorate (DHS S&T). HOST's mission is to investigate open security methods, models and technologies and identify viable and sustainable approaches that support national cyber security objectives.

The HOST program has three primary areas of focus: discovery, collaboration, and investment. This three-pronged approach to cybersecurity allows the HOST project to pursue a variety of research efforts, including the cataloguing of current open source projects, tools, and applications, and investigating open security techniques and initiatives, but also collaborating and investing in projects through seed funding, resource sharing, case studies, and public activities.

Current Investments

Suricata
Suricata is an open source Intrusion Detection and Prevention Engine (IDS/IPS) managed by the Open Information Security Foundation and funded by HOST and industry vendors. Suricata is unique to the IDS space in that it is multi-threaded, hardware-accelerated, a native IPS, and compatible with Mac OS X, Linux, BSD, and Windows.

OWASP Guidebook Project
This project will take the three most referenced security documents (OWASP's Test Guide, Code Review Guide, and Development Guide) and update them to combat current security issues. These guides provide specific instruction on writing secure code in applications and systematic steps in performing security assessments of a completed project, both from a code review and a penetration testing perspective. These guides will allow governments, businesses, developers, designers and solution architects to produce secure web applications.

Portland, OR OSS IDS/IPS Pilot
HOST has provided the City of Portland with a technical resource to gather the City's IPS requirements, conduct market research for alternative IPS solutions, including open source solutions, and make a recommendation based on the City's needs and current resources. Once a potential open source solution is found, it will be tested to ensure it meets established requirements.

Trusted Code Initiative
In its preliminary stages, the Trusted Code Initiative, is a strategic vision designed to provide access to more efficient, less costly and more secure technology resources for public-sector systems and the commercial entities that support them. The objective of the Trusted Code Initiative is to create a collaborative, self-sustaining marketplace for "Trusted" open source software technologies and practices used within government technology environments.